3 matches found
CVE-2019-9845
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
CVE-2019-9845
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
CVE-2019-9845
The CVE-2019-9845 entry affects Madskristensen Miniblog.Core up to 2019-01-16. The underlying issue is in SaveFilesToDisk (Controllers/BlogController.cs): it writes a decoded base64 string to a file without validating the target file extension, enabling a remote attacker to execute arbitrary ASPX...